On 10/17/2012 05:51 PM, SilverTip257 wrote:
> I recall others on this list are using fail2ban to block brute force
> login attempts.
> Packages are from the EPEL repo, so I'm just sharing some knowledge here.
>
> For about two months now I've had a CentOS 6.3 box (web host) in
> production that occasionally is ftp brute forced.
> Oddly enough fail2ban wasn't nabbing the perpetrators. I found that
> the iptables chain for VSFTP isn't created for one.
>
> I have finally come to find [0] that indicates there's a problem with
> the inotify backend.
> Setting backend=gamin in /etc/fail2ban/jail.conf gives me the iptables
> chain I expect to find and one blocked host.
>
> Hope this is helpful to somebody until a new version is committed to EPEL.
>
> <quote>
> yarikoptic:
> ok -- that point was not yet good ;) now (0.8.6-95-gc0c1232) that
> branch seems to work just perfect. If I hear no complaints or do not
> see problem with my instance -- I will merge it into master tomorrow,
> thus closing this issue
> </quote>
>
> [0] https://github.com/fail2ban/fail2ban/issues/44
>

Thanks for the tip (I know it's a very old message).

I have updated recently to 6 and see that fail2ban ssh dos no longer works.
Indeed after log rotate fail2ban seems to follow the old log file instead of
the newly created /var/log/secure.

I had backend = auto in /etc/fail2ban/jail.conf and gamin and pyinotify are
both installed. I now changed backend to gamin and give it another try. The
next log rotate is next week....

Anyone else using fail2ban with CentOS6 installed from epel?

fail2ban-0.8.8-2.el6.noarch on CentOS6.4

Theo
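
Added example, not part of either message and not fail2ban's own code: a check for the symptom described in the quoted post, an enabled jail whose iptables chain was never created. It assumes the stock iptables actions name their chain fail2ban-<name>; the jail.conf text and `iptables -S` output below are constructed samples.

```python
import re
from configparser import RawConfigParser

# Constructed sample in the 0.8.x jail.conf layout (not taken from the thread).
SAMPLE_JAIL_CONF = """\
[DEFAULT]
backend = auto
[ssh-iptables]
enabled = true
action  = iptables[name=SSH, port=ssh, protocol=tcp]
[vsftpd-iptables]
enabled = true
action  = iptables[name=VSFTPD, port=ftp, protocol=tcp]
          sendmail-whois[name=VSFTPD, dest=root@localhost]
[named-refused-tcp]
enabled = false
action  = iptables-multiport[name=Named, port=domain, protocol=tcp]
"""
# Constructed `iptables -S` output in which the VSFTPD chain was never created.
SAMPLE_IPTABLES_S = """\
-P INPUT ACCEPT
-N fail2ban-SSH
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-SSH
-A fail2ban-SSH -j RETURN
"""


def missing_chains(jail_conf, iptables_s):
    """Return (jail, backend, chain) for enabled jails whose chain is absent."""
    cp = RawConfigParser(strict=False)
    cp.read_string(jail_conf)
    present = set(re.findall(r"^-N (\S+)", iptables_s, re.M))
    missing = []
    for jail in cp.sections():
        if cp.get(jail, "enabled", fallback="false").strip().lower() != "true":
            continue
        # Assumption: stock iptables* actions name their chain fail2ban-<name>.
        names = re.findall(r"iptables[\w-]*\[[^\]]*?name=([^,\]\s]+)",
                           cp.get(jail, "action", fallback=""))
        for name in names:
            if "fail2ban-" + name not in present:
                missing.append((jail, cp.get(jail, "backend", fallback="auto"),
                                "fail2ban-" + name))
    return missing


if __name__ == "__main__":
    # Runs on the samples; on a host pass the text of jail.conf and `iptables -S`.
    for row in missing_chains(SAMPLE_JAIL_CONF, SAMPLE_IPTABLES_S):
        print("%s (backend=%s): chain %s missing" % row)
```

Only the text passed in is read, so overrides in a jail.local are not taken into account. Running it again after the next log rotation shows whether the chains are still in place.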